Techniques are disclosed relating to account security operations based on security risk values that are modified based on one or more security risk criteria. In some embodiments, a system stores a plurality of key-value pairs in a datastore. Each key may specify a set of multiple access attributes corresponding to an origin computing system from which one or more access attempts were initiated and each value may include access information for one or more access attempts whose access attributes match a corresponding key. In some embodiments, the access information includes one or more account identifiers and result indications. In some embodiments, the system modifies security risk values based on multiple security risk criteria associated with different granularities of information in the datastore. A first criterion may be evaluated at a key granularity based on access attempts that match all of the multiple access attributes for a key. A second criterion may be evaluated at an account granularity based on the access attempts to the account.